<?php
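/**
 * Admin back-end authentication and authorization base controller.
 *
 * __init() performs two checks: that an admin session exists
 * (session('admin_id')), and that the current role is allowed to call the
 * current app/control/method according to the hd_g_node and hd_g_access tables.
 */
class AuthControl extends Control{
	/**
	 * Reject requests that have no admin session or that fail the RBAC check.
	 *
	 * NOTE(review): this relies on go() and error() ending the request. If
	 * either of them returns normally, execution continues past the check.
	 * Confirm against the framework.
	 */
	public function __init(){
		if(!session('admin_id')){
			go('Index/index');
		}
		// RBAC: the role stored in the session must be granted the current node.
		if(!$this->checkRbac()){
			$this->error('没有操作权限');
		}
	}

	/**
	 * Report success. AJAX requests get array('state'=>1,'message'=>$msg)
	 * passed to $this->ajax(); other requests are delegated to the parent.
	 *
	 * @param string      $msg  Message shown to the user.
	 * @param string|null $url  Passed to the parent; unused in the AJAX branch.
	 * @param int         $time Passed to the parent; unused in the AJAX branch.
	 * @param string|null $tpl  Passed to the parent; unused in the AJAX branch.
	 */
	public function success($msg = '操作成功', $url = NULL, $time = 2, $tpl = null){
		if(IS_AJAX){
			$this->ajax(array('state'=>1,'message'=>$msg));
		}else{
			parent::success($msg,$url,$time,$tpl);
		}
	}

	/**
	 * Report failure. AJAX requests get array('state'=>0,'message'=>$msg)
	 * passed to $this->ajax(); other requests are delegated to the parent.
	 *
	 * @param string      $msg  Message shown to the user.
	 * @param string|null $url  Passed to the parent; unused in the AJAX branch.
	 * @param int         $time Passed to the parent; unused in the AJAX branch.
	 * @param string|null $tpl  Passed to the parent; unused in the AJAX branch.
	 */
	public function error($msg = '操作失败', $url = NULL, $time = 2, $tpl = null){
		if(IS_AJAX){
			$this->ajax(array('state'=>0,'message'=>$msg));
		}else{
			parent::error($msg,$url,$time,$tpl);
		}
	}

	/**
	 * Decide whether the current role may call the current app/control/method.
	 *
	 * The node is looked up in hd_g_node by the lower-cased APP, CONTROL and
	 * METHOD constants. A node with no row there is treated as unrestricted
	 * (fail-open), so every action that needs protection must be registered
	 * in hd_g_node. For a registered node, the result is the set of
	 * hd_g_access rows that link it to the role id in $_SESSION['rid'].
	 *
	 * NOTE(review): a failed node query cannot be told apart from "no node
	 * registered" by the == null test and is also allowed. Confirm what
	 * query() returns on error.
	 *
	 * @return mixed true when the node is not registered, false when the
	 *               inputs are rejected, otherwise the result of the
	 *               hd_g_access query (callers test it for truthiness).
	 */
	public function checkRbac(){
		$app=strtolower(APP);
		$control=strtolower(CONTROL);
		$method=strtolower(METHOD);

		// These names are interpolated into SQL below and presumably come from
		// request routing, so accept plain identifiers only and deny anything
		// else. If the data layer offers bound parameters, prefer those.
		foreach(array($app,$control,$method) as $name){
			if(!preg_match('/\A[a-z0-9_]+\z/',$name)){
				return false;
			}
		}

		$sql="SELECT * FROM hd_g_node AS n WHERE app='$app' AND control='$control' AND method='$method'";
		$node=M()->query($sql);
		if($node==null){
			return true;
		}

		// Both ids are placed unquoted in the statement, so force them to
		// integers; a missing or non-numeric role id is denied outright.
		$rid=isset($_SESSION['rid']) ? filter_var($_SESSION['rid'],FILTER_VALIDATE_INT) : false;
		if($rid===false){
			return false;
		}
		$nid=(int)$node[0]['nid'];

		$sql="SELECT * FROM hd_g_access AS a WHERE nid={$nid} AND rid={$rid}";
		$access=M()->query($sql);

		return $access;
	}
}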